win32sux
05-30-2009 07:06 PM
Disabling the firewall's logging is overkill. It looks like it's mainly UDP packets for ports 123 and 10100 that are causing the excessive logging. You could insert some ACCEPT and/or DROP rules matching those packets at the top of the chains. That would put an end to this, and it lets you be very specific as to which packets you don't want to log. For example, if you want to disable logging only for locally generated UDP packets with destination port 123 on them which exit on eth1, you could execute either a:
Code:
iptables -I OUTPUT -p UDP -o eth1 --dport 123 -j ACCEPT
Or a:
Code:
iptables -I OUTPUT -p UDP -o eth1 --dport 123 -j DROP
...depending on whether you want to allow or deny the packet. Either command would prevent the packet from reaching whatever LOG rule it's currently hitting, and you can easily add more matches such as destination IP, for example.
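The approach in the post above, as an added example written for this page (not code from win32sux or the original thread): a small POSIX shell script that generates the `iptables -I` commands for both noisy ports mentioned in the thread (123 and 10100). Because `-I CHAIN 1` inserts at the top of the chain, every rule lands ahead of whatever LOG rule the chain currently has, so the matching packets never reach it. It goes a little beyond the post: it can also emit the INPUT-side rule for replies, matched by source port, and takes an optional peer address as the extra match the post alludes to. The interface name eth1, the `--apply` flag, and the choice to match replies by source port are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Builds (and optionally applies)
# iptables rules that keep noisy UDP packets away from a LOG rule by inserting
# more specific ACCEPT/DROP rules at position 1 of the chain.

# quiet_rule CHAIN IFACE PORT TARGET [PEER]
#   CHAIN  : OUTPUT (locally generated, match by --dport on -o IFACE)
#            or INPUT (replies, match by --sport on -i IFACE; an assumption)
#   TARGET : ACCEPT or DROP, depending on whether the packet should pass
#   PEER   : optional remote address; -d for OUTPUT, -s for INPUT
# Prints the iptables command instead of running it, so it can be reviewed.
quiet_rule() {
    chain=$1; iface=$2; port=$3; target=$4; peer=${5:-}
    case $chain in
        OUTPUT) ifopt="-o $iface"; portopt="--dport $port"; peeropt="-d" ;;
        INPUT)  ifopt="-i $iface"; portopt="--sport $port"; peeropt="-s" ;;
        *)      echo "quiet_rule: unsupported chain $chain" >&2; return 1 ;;
    esac
    # "-I $chain 1" puts the rule at the head of the chain, above any LOG rule.
    cmd="iptables -I $chain 1 -p udp $ifopt $portopt"
    if [ -n "$peer" ]; then
        cmd="$cmd $peeropt $peer"
    fi
    printf '%s -j %s\n' "$cmd" "$target"
}

# The rule set for the two ports identified in the thread; eth1 is assumed.
# Each rule is inserted at position 1, so the last one printed ends up first.
quiet_rules() {
    quiet_rule OUTPUT eth1 123   ACCEPT
    quiet_rule OUTPUT eth1 10100 ACCEPT
}

# Apply the rules when running as root with iptables present; otherwise just
# print them. After applying, the chain listing shows the new rules above the
# LOG rule they are meant to shadow.
apply_rules() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
        quiet_rules | sh -e
        iptables -L OUTPUT -n -v --line-numbers
    else
        echo "# not root or iptables not found; printing rules only" >&2
        quiet_rules
    fi
}

# Only touch the live firewall when explicitly asked (assumed flag).
if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Run it with `--apply` as root to install the rules; without the flag it only prints them. Swap `ACCEPT` for `DROP` in `quiet_rules` to deny rather than allow, exactly as the post describes, and pass a fifth argument to `quiet_rule` to pin a rule to one peer address.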